rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9
HardenedBSD Package Manager
libpkg: push siglen +/- 1 into the ossl signer
Kyle Evans committed 2 years ago
commit 3766425ec1a0762dcedd15c1925c30efa0ca9333
parent 13b432b
3 files changed +13 -7
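--- a/libpkg/pkg_repo.c
+++ b/libpkg/pkg_repo.c
@@ -755,12 +755,8 @@ pkg_repo_archive_extract_check_archive(int fd, const char *file,
 		 * over the repo rather than raw.  This required some kludges
 		 * to work with, but future pkgsign_verify implementations
 		 * should not follow in its path.
-		 *
-		 * We reduce siglen by one to chop off the NULL terminator that
-		 * is packed in with it over in pkg_repo_finish().
 		 */
-		ret = pkgsign_verify(sctx, rkey, s->sig, s->siglen - 1,
-		    dest_fd);
+		ret = pkgsign_verify(sctx, rkey, s->sig, s->siglen, dest_fd);
 		if (ret != EPKG_OK) {
 			pkg_emit_error("Invalid signature, "
 					"removing repository.");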
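--- a/libpkg/pkg_repo_create.c
+++ b/libpkg/pkg_repo_create.c
@@ -1018,7 +1018,7 @@ pack_sign(struct packing *pack, struct pkgsign_ctx *sctx, const char *path,
 	}
 
 	iov[offset].iov_base = sigret;
-	iov[offset++].iov_len = siglen + 1;
+	iov[offset++].iov_len = siglen;
 
 	if (packing_append_iovec(pack, name, iov, offset) != EPKG_OK) {
 		free(sigret);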
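Review bot: The length written to the archive at `iov[offset++].iov_len = siglen;` now depends on each signer returning the full on-disk length, and nothing at this site says so. ossl_sign_data in this commit adds one to `*siglen` to keep the legacy trailing NUL, so the buffer it hands back has to actually hold that extra byte; the allocation is not visible here and should be checked. A comment would make the contract explicit, for example `/* siglen is the signer's on-disk length; the ossl signer counts its legacy trailing NUL. */`. pack_sign's body continues outside the hunk.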
modified libpkg/pkgsign_ossl.c
@@ -344,6 +344,15 @@ ossl_verify(const struct pkgsign_ctx *sctx __unused, const char *keypath,

	(void)lseek(fd, 0, SEEK_SET);

+
	/*
+
	 * XXX Older versions of pkg write out the NUL terminator of the
+
	 * signature, so we shim it out here to avoid breaking compatibility.
+
	 * We can't do it at a lower level in the caller, because other signers
+
	 * may use a binary format that could legitimately contain a nul byte.
+
	 */
+
	if (sig[sig_len - 1] == '\0')
+
		sig_len--;
+

	cbdata.key = key_buf;
	cbdata.keylen = key_len;
	cbdata.sig = sig;
@@ -444,11 +453,12 @@ ossl_sign_data(struct pkgsign_ctx *sctx, const unsigned char *msg, size_t msgsz,
	}

#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-
	assert(*siglen <= INT_MAX);
+
	assert(*siglen < INT_MAX);
	EVP_PKEY_CTX_free(ctx);
#else
	RSA_free(rsa);
#endif
+
	*siglen += 1;
	return (EPKG_OK);
}
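Review bot: The added check `if (sig[sig_len - 1] == '\0')` in ossl_verify indexes the buffer before confirming it is non-empty, so a zero-length signature makes it read outside `sig` (one byte before it, or far out of range if `sig_len` is unsigned; its declaration is outside the hunk). As far as the visible pkg_repo.c caller shows, the length is `s->siglen` taken from repository data and is now forwarded unchanged, so it should be treated as untrusted input. Guard the index: `if (sig_len > 0 && sig[sig_len - 1] == '\0')`. ossl_verify starts and ends outside the hunk, so an earlier length check may already exist there; if it does, a short comment next to this test saying so would help.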